Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (ffmpeg, jetty12, jetty9, jq, and pam), Fedora (curl, libssh, podman-tui, and prometheus-podman-exporter), Oracle (firefox, gnutls, kernel, and thunderbird), and SUSE (bluez, cairo, chromium, cmake, cups, firefox, frr, govulncheck-vulndb, kernel, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, mariadb, mybatis, ognl, python-h2, and rke2).
-
The Register UK ☛ Linux has the lineage to out-evolve the deadliest of cyber threats, given the right push
The IT industry is not only full of sharks, it has shark nature itself. It must keep moving forward to survive. Not all sharks are obligate ram ventilators, and not all IT changes all the time, but without innovation the sector would curdle and die.
Venture capitalists and cash-rich tech companies feel this most keenly, which is why they swarm like makos to the bleeding edge. But innovation itself is not enough. Blockchain is very clever, but has made the world a nastier place while losing a lot of people a lot of money. AI’s trajectory from wait-and-see could just as easily go that way as any other. Actual change, innovation that sticks around and becomes part of a better way forward, doesn’t have to and really should not make its inventors billionaires. It is thus often invisible when leadership is measured in dollars. Nonetheless, it matters to billions.
-
OpenSSF (Linux Foundation) ☛ From Beginner to Builder: Your First Code Contribution
Maybe you've used open source before and wondered how it all works, or you're early in your career and heard that open source contributions can boost your growth. Maybe you've witnessed software supply chain attacks and felt an urge to make a difference. Maybe you just started learning about OpenSSF in our last blog: “Understanding OpenSSF Community and Working Groups.”
-
Scoop News Group ☛ Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques
AT&T’s chief information security officer said attackers are going where traditional defenses are less commonly employed.
-
Security Week ☛ Fortra Patches Critical GoAnywhere MFT Vulnerability
Tracked as CVE-2025-10035 (CVSS score of 10), the critical deserialization vulnerability could be exploited for command injection.
-
Security Week ☛ FBI Warns of Spoofed IC3 Website
Threat actors likely spoofed the official government website for personal information theft and monetary fraudulent activity.
-
Security Week ☛ HoundBytes Launches Automated Security Analyst
The Romania-based company has launched WorkHorse and is preparing for a funding round to accelerate growth.
-
Security Week ☛ Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud
L1TF Reloaded is a vulnerability combining the old L1TF and half-Spectre hardware flaws to bypass deployed software mitigations.
-
Security Week ☛ Widespread Infostealer Campaign Targeting macOS Users
Threat actors rely on malicious Microsoft's proprietary prison GitHub repositories to infect LastPass’s macOS users with the Atomic infostealer.